unixo's blog

Guzzle and the Empty Cookie

Recently I had to write an HTTP client to fetch some data from a remote website and parse it.

I ain’t a perl-fan, for this kind of problem I prefer PHP as development tool, so I was looking for
some rock-solid PHP-framework that was:

object-oriented developed

able to manage an authentication (basic, digest, …)

capable to issue any HTTP method (GET, POST, DELETE, …)

(possibly) managed by composer

Googling around I found Guzzle, which meets all my requirements, makes
use of Symfony’s event dispatcher (which I used in the past) and it’s also used by other well-known realities
such as Drupal and Goutte.

Guzzle is ready-to-use, easy to setup and integrate with your project; by the way I spent half an afternoon
analyzing the following scenario.

In its first response, the server sets the cookie FOO and, after the client successfully authenticates (basic
authentication), the server clears the cookie FOO (assigning an empty value), along with creating a new one
(BAR). From this moment, all requests sent by the client must not include the cookie FOO, but only BAR.

The problem is that the empty cookie FOO contained in the second server response is correctly discarded by
Guzzle as it’s considered invalid, but Guzzle doesn’t check if there is already a cookie with the same name in
the cookie jar.